qakbot | e6ff691d2e341c00aa751274bfc0cc7df7439742526c1f9fe85f01b6e562956f

General

Target

SCANED_IX4924.img
Size

1020KB
Sample

221212-3ehrfaga61
MD5

9d4997b875c454388f9b847732bff04b
SHA1

ec60119c2c09bd56cc2da3a6add73b5795740d66
SHA256

e6ff691d2e341c00aa751274bfc0cc7df7439742526c1f9fe85f01b6e562956f
SHA512

44a6d99cf19d211acf17543768ca48148eb12a20790e5c17ca74437cd5997833d9c324805b18ed5fc97afd6de12dc29e9be9550589903b1c844f57a069b2905b
SSDEEP

24576:J/CP1jVtkBKzsU4gL7WZ7tqb72eRbJ4d:O1jVT4uSZw2eYd

Score

10^/10

Malware Config

Extracted

Family

qakbot

Version

404.46

Botnet

azd

Campaign

1670585059

C2

173.239.94.212:443

91.169.12.198:32100

74.66.134.24:443

66.191.69.18:995

182.75.189.42:995

78.69.251.252:2222

98.145.23.67:443

103.71.21.107:443

197.94.219.133:443

91.68.227.219:443

12.172.173.82:993

86.176.83.127:2222

64.121.161.102:443

41.98.21.114:443

92.154.17.149:2222

151.65.67.211:443

89.129.109.27:2222

76.11.14.249:443

69.119.123.159:2222

70.66.199.12:443

Attributes

salt
SoNuce]ugdiB3c[doMuce2s81*uXmcvP

Targets

- Target
  
  NewFiles/DetailedInfo.cmd
- Size
  
  9KB
- MD5
  
  082fabea513b944ada653c86ce886269
- SHA1
  
  a8c4db7286e01ef0da19f832dea9e38720dc9f70
- SHA256
  
  379888063f39779d0ee31114582672011c27b614ca713704bfb61175d3cd28c2
- SHA512
  
  746b17fb479fabcb43241d5b54157fa6f78f7bea7555444df50f0abbd0bdc8f69499533e1e1340a76211bcde4511a22afec06b6a252fa2997fac99a7e8e0d291
- SSDEEP
  
  192:QVnctK1Vi5GY8RhTShe8+65e1i/QmI5P6+Yv9HMGRDyFGzM4su+vfbWm3QCRSJeW:mHPPvTShec5e1i/XwPNu9HMGFyFttvfG
Score

10^/10

qakbot azd 1670585059 banker stealer trojan
- Qakbot/Qbot
  Qbot or Qakbot is a sophisticated worm with banking capabilities.
  trojan banker stealer qakbot
behavioral1 behavioral2
- Target
  
  NewFiles/Issues.patch
- Size
  
  733KB
- MD5
  
  2ce5d3181724eb9a9cde5c012c62f6cf
- SHA1
  
  12cb1f36b803f5fa5c19e1280baeb4fe003ef668
- SHA256
  
  c4604b13ad722f6b8232d8b570cd8974d1f75a0e03f7302517374268c148af81
- SHA512
  
  5922ebd7b12c6e84a8b4f09c4764064d501461e100e66cf3f1c7b1333b29e8b3bbd258f2cb6074b961806f5fee2abf30cb153ab3d91e5f6f6cdf7d6c93ea64b8
- SSDEEP
  
  12288:bx5BlbjoVPn84C8oSZTkwvFsaLJ5sU4gzpl7WQnLI7QAeh+nqb7/ODsrETSeWBE:b/CP1jVtkBKzsU4gL7WZ7tqb72eR
Score

3^/10
behavioral3 behavioral4
- Target
  
  SCANED_IX4924.lnk
- Size
  
  1KB
- MD5
  
  fc3e4932e8c1a5b224824a7297420bc1
- SHA1
  
  be5dde2645e350701aa07821ace081a3c27357af
- SHA256
  
  247e39d42810c106956f2c391007f613b9c9ad63914609ac6e1641defdebcc42
- SHA512
  
  715434f006945e724fc7da18b184ae9c65280ded7006264a67a6226df7603c8aaa31bb6d8787f58d90fee1cdea770e7536063ac53bee1e08cab1428cecbf330e
Score

10^/10

qakbot azd 1670585059 banker stealer trojan
- Qakbot/Qbot
  Qbot or Qakbot is a sophisticated worm with banking capabilities.
  trojan banker stealer qakbot
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
behavioral5 behavioral6

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

1

T1012

System Information Discovery

2

T1082

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks

Sharing

General

Malware Config

Extracted

Targets

Qakbot/Qbot

Qakbot/Qbot

Checks computer location settings

MITRE ATT&CK Matrix ATT&CK v6

Tasks

static1

behavioral1

behavioral2

behavioral3

behavioral4

behavioral5

behavioral6